According to reports on Nyleveia.com, Eurogamer, and NeoGAF, Sony's PlayStation Network password reset system-the one just put in place after the PSN hack-has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. Exactly the sort of information that was released in the original hack.

Sony has taken the password reset system offline. Kotaku has reached out to Sony for comment.

Advertisement

Update 1: The good news (as pointed out by NeoGAF's "Metalmurphy") is that if your account was compromised, you should have gotten an email from PSN that says your password has been reset.

Update 3: This is the purported exploit as provided to Kotaku. As PlayStation services are now offline, this exploit is no longer able to be executed:

The prodecure is as follows:
1) Navigate to : https://store.playstation.com/accounts/reset/resetPassword.action?token (this is normally, via email, https://store.playstation.com/accounts/reset/resetPassword.action?token=YYYYYYYYYYYYYYYYYYYYYYYY with the y's being a unique token) - do not enter the code at this point.
2) Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click "Reset using E-mail"
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account

Update 4: According to Sony's PlayStation blog, "Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed."